Privacy Policy   

Last updated: October 11th, 2024

General information

Cerenion Ltd (“company”, or “we”) is committed to protect personal data by complying with applicable privacy and data protection laws. The respect for your privacy is a central value for Cerenion and your personal data is only used in ways outlined in this privacy policy. This policy applies to Cerenion’s online channels and services unless they post separate privacy policies.

Personal data refers to any information relating to a natural person (“data subject”) that can identify him/her directly or indirectly. Personal data, data subject, controller and other key terms are defined in the General Data Protection Regulation (2016/679, “GDPR”). The company complies with the GDPR in all processing of personal data in conjunction with other applicable national data protection legislation (data protection legislation).

Controller

Controller: Cerenion Oy

Address: Elektroniikkatie 3, 90590 Oulu, FINLAND

Telephone: +358 50 447 4909

Email: info@cerenion.com

What personal data we may collect?

The company collects only such personal data from the data subject that is relevant and necessary for the purposes described in this privacy policy.

The following personal data from the data subjects will be processed:

  • Contact information such as name, email, phone and address
  • Transactional information such as purchase, customer service and communication history
  • Consents and objections related to direct marketing
  • Other personal information you submit to us about you or other people
  • Electronic identification and behavior data such as IP address, log data and usage information

Purposes and legal basis for processing personal data

Personal data will be processed for the following purposes:

  • Process and respond to your requests based on company’s legitimate interests.
  • Provision of information and materials related to our products and services, for example by newsletters and direct marketing based on company’s legitimate interest or data subject’s consent.
  • Identifying potential customers who are using our services for the purposes of targeting relevant marketing to such persons based on company’s legitimate interest.
  • Market and customer analysis and surveys based on company’s legitimate interest.
  • Business planning and product development based on company’s legitimate interest.
  • Monitoring the use of our website and improving the site functionality and user experience and to present the content of our website in a manner ideal for the visitor’s device based on consent.
  • Providing marketing on our website using cookies based on consent.
  • Enabling social media services such as videos and sharing buttons based on consent. 
  • Ensuring security of our IT environments and protection of data based on statutory obligation or company’s legitimate interest.

Establishing, exercising, or defending against legal claims based on statutory obligation, or our legitimate interest. For processing activities that are based on a legitimate interest, we have carefully balanced such legitimate interest with the data subjects right to privacy and concluded that our interest outweighs the data subjects’ rights and freedoms.

We may anonymise the data and use it for other purposes permitted by applicable law. We will ask for your consent for using your personal information for direct marketing purposes.

Do we share personal data?

We do not sell your personal data. We may share your data only:

  • With our marketing and business partners such as local distributors and IT vendors, who process personal data on behalf of us.
  • If we are required or permitted to do so by law or legal process such as a court order. This also applies to law enforcement with a legitimate request.
  • To prevent physical harm or financial loss, and to defend our legal rights or in connection with illegal activity.
  • In an event of a merger or acquisition
  • Otherwise with your consent

In such case, the personal data will only be disclosed for purposes defined above.

List of the processors and other recipients can be provided upon a request.

Automated visitor information data and use of cookies

We do automatically collect technical information about visitors of Cerenion website such as:

  • Location data such as IP address and country
  • Information about your online activities such as devices, browsing and usage patterns

Moreover, we use the web and email analytics services provided by Google Analytics. Their services use cookies and similar technologies to collect data and are subject to their respective privacy policies. The cookies are used to provide you with the best possible user experience:

  • Make our website work as you would expect
  • Remember your settings during and between visits
  • Improve the speed/security of the site
  • Allow you to share pages with social networks
  • Continuously improve our website for you

We do not collect any sensitive data e.g. health information without your express permission.. Also, we do pass personal information to third-parties only for purposes described in this privacy policy.

Please note that providing personal data to us is voluntary. You can manage cookies through a separate cookie banner. Doing so, however, will likely limit the functionality of websites.

How we update, store and transfer data

Your data may be updated at your request or at our own initiative to correct any inaccurate or outdated information. You can update or review your data by contacting us through the contact us button.

We may store and transfer the personal information outside the country in which the information was provided. The data protection laws may differ from the origin country. We will transfer the personal information only for purposes described in this privacy policy.

The servers and data related to our services are mainly hosted within the European Union (EU). In case personal data is exceptionally transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.

Automated decision making and profiling

We may profile our customers based on their interests so that we can offer them the most interesting products and services.

The company does not make automated decisions.

Retention and protection of personal data

We retain personal information as long as it is needed for the purposes it was obtained. Personal information may be retained longer if there is another lawful basis for doing so. We utilise administrative, physical and technical safeguards to protect all information we retain against unauthorised access or use.

Personal data for marketing purposes is retained for no more than two (2) years from the last contact or as long as the customer relationship is active. However, the retention period may vary depending on the nature and purpose of the data. We always strive to minimize the retention period and regularly delete unnecessary data.

We evaluate the necessity and accuracy of the personal data on a regular basis and endeavor to ensure that the incorrect and unnecessary personal data are corrected or deleted.

Rights of data subjects

The data subject has a number of rights under applicable data protection laws.

Right of access and right of inspection

The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her is being processed.

The data subject has the right to inspect and view data concerning him or her and, upon a request, the right to obtain the data in a written or electric form. This applies to information that the data subject has provided to the company insofar the processing is based on a contract/consent.

Exercising this right is generally free of charge.

Right to rectification and right to erasure

The data subject has the right to require us to delete or stop processing the data subject’s personal data, for example where the data is no longer necessary for the purposes of processing.

However, please note that certain personal data is strictly necessary in order to achieve the purposes defined in this privacy policy and may also be required to be retained by applicable laws.

Right to data portability

The data subject has the right to receive the personal data that he or she has provided to us in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller. This right applies when the processing of the personal data is based on consent or a contract.

Right to restriction of processing

The data subject has the right, under conditions defined by data protection legislation, to request the restriction of processing of his/ her personal data. In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, the company will limit the access to such data.

Right to object to processing

The data subject has the right to object to the processing of data where we are relying on its legitimate interests as the legal ground for processing. For example, the data subject may object to his/her personal data being used for marketing purposes.

Right to withdraw consent

In cases where the processing is based on the data subjects’ consent, he/she has the right to withdraw his/her consent to such processing at any time.

Exercising rights

Requests regarding the rights of data subjects shall be made in written or in electronic form, and the request shall be addressed to the controller mentioned on this privacy policy.

If the data subject’s request cannot be met, the refusal shall be communicated to the data subject in writing. The company may refuse a request (for example erasure of data) due to a statutory obligation or a statutory right of the company, such as an obligation or a claim relating to our services.

The data subject may exercise the aforementioned rights by sending a written request to info@cerenion.com.

If you have any questions relating to our data protection policies or wish to exercise your rights, please do not hesitate to contact us.

Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with a competent data protection authority if the data subject considers that the processing of personal data relating to him or her infringes current legislation.

However, we request that the matter be dealt with the company in the first instance.

The relevant authority in Finland is the Data Protection Ombudsman (www.tietosuoja.fi).

How we change our Privacy Policy

We may make changes to this privacy policy at any time by giving a notice on the website and/or by other applicable means. The data subjects are highly recommended to review the privacy policy on our website every now and then. If the data subject objects to any of the changes to this privacy policy, the data subject should cease using the services, where applicable, and he/she can request that we remove the personal data, unless applicable laws require us to retain such personal data. Unless stated otherwise, the then-current privacy policy applies to all personal data we process at the time.

How to contact us

You may contact us if you have any questions about this Privacy Policy or if you would like us to update information we have about you. Please use the contact us button to get in touch with us.

This privacy policy has been published on October 11th, 2024, version 1.0